viruses preventing scans

this is my roomies pc and didn't have any protection installed for a while. so i installed symantec endpoint(running) and spybot(not running) system constantly crashes even while nothing is open, and ctrl+alt+del rarely works when it does it will show almost all cpu being used while nothing is running. takes about 3 minutes to startup. so i did the basic PC maint. guide, then ran read and run me steps, and the first scan crashed with both setting options but it did detect a problem before always crashing, rebooted moved to the second scan and it crashed after 1 min 11 secs both times, did not show any problems though. and i am attaching the last 2 scan logs, i have run this entire process on my 2 PC and was successful each time. so I'm pretty sure i did it all right, please look at my logs and instruct me in what to do to remove all problems, thank you very much, i have read a lot of your guides and i think you geeks are amazing at what you do, hats off gentlemen. please feel free to contact me if you need anymore info. cheers!

 

ok, thanks. but can you tell me why no virus scans will finish scanning, and what about the virus that sas was showing all 4 tries the same trojan but never finished scanning and never deletet the trojan. also i cant get sep to finish a scan either it will only finish if i do not show hidden files and system files and hidden ext, thanks again for your help. oh and btw my pc is also having a prob with sep finishing a scan and it never had any problems before?

 

Sometimes anti-malware programs can't get along. It seems that you have the following installed:

Symantec
Spybot Search & Destroy
SUPERAntiSpyware
Malwarebytes' Anti-Malware

What Symantec is it? The general rule is:

Only one anti-spyware program with realtime protection
Only one anti-virus program with realtime protection
Only One firewall

If Symantec takes care of all these 3 you should check that the build-in firewall is disabled. You can't run two. Also check that none of the other programs have realtime functions enabled.

Actually: I doubt that you need Spybot Search & Destroy if your Symantec is an Internet suite? It's Teatimer is very troublesome.

 

thanks, and im pretty sure i have all other programs realtime turned off but i will check, and i m not pos about symantec all i know is i have symantec endpoint protection that i get froo from my university, and if it helps it does have a "network threat protection" on the main console.

 

These 4 methods can repair and/or replace missing/damaged files. Running them all wont hurt:

System Restore: http://support.microsoft.com/kb/306084
chkdsk: http://support.microsoft.com/kb/315265/en-us
scannow: http://support.microsoft.com/kb/310747/en-us
Windows Live OneCare Safty Scanner - free online: http://onecare.live.com/site/en-us/default.htm

A 5th metod is a repair install but lets see if the above can't do it: http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx

 

Symantec is not popular and for good reasons but in all likelihood it's not what's causing this problem.

If it's related to your security programs at all - which we don't know - Spybot Search & Destroy is the prime suspect...

 

yeah i was actually getting the suspision that sep was not doing a good enough job for a while now, and do you mean that spybot is what is most likley stopping sep from a full scan? and can you recomend a better free all in one protection or a group of programs i need to do everything? thanks

 

No, I do not believe that any freeware combinations can protect you better than a Symantec suite. I do, however, believe that a lot of security pro suites are better than Symantec/Nortons products. Money, money! :-D

But this is probably not malware related. The reason why your security programs are unable to finish a scan could be related to damaged or missing files in your operation system.

It could also be related to damage to your Symantec program. A reinstall of Symantec might also be a solution.

I would still remove Spybot, though. Remember to shot it down first and deactivate it's teatimer and it's immunizer. And do a thorough search for remains to delete.

 

ok cool, is there a guide anywhere that would tell me how to completely uninstall spybot?

 

Yes, right here: http://www.safer-networking.org/en/howto/uninstall.html

You should still do as described above, though. Disable it's functions and shot it down - make sure nothing is running when you go to Add/remove programs.

 

oh great thank you so much, i will try all the things you said and then report back the results, if all else fails im prob gonna do a full restore of the os if i can find instructions on how to make os disks, neither of my pc's have them.

 

Did you have Windows Defender installed also? It too must have it's realtime functions disabled so that Symantec can do is work...

 

i do not know if it is installed or not, if it is will it be easy to disable?

 

Yes, it's easy. Open Spybot and look around inside it. Look for the Immunizer and for Teatimer. Same for Windows Defender if it's there.

 

You have it installed. Just checked your logs. It sitting here: c:\program files\Windows Defender

 

ok cool thanks

 

the first 3 links here are all for windows xp, but i have vista. are there different links or should i just convert the instructions to my needs?

 

these instructions are for xp im on vista, do you have links for vista or should i just convert them to work for me?

 

System Restore Vista: http://windowshelp.microsoft.com/Windows/en-US/help/517d3b8e-3379-46c1-b479-05b30d6fb3f01033.mspx
chkdsk Vista: http://windowshelp.microsoft.com/Windows/en-us/help/bc1393cf-9f9c-79c7-0f91-9337c2c41f811033.mspx
scannow Vista: http://support.microsoft.com/kb/929833
Windows Live OneCare Safty Scanner - free online for Vista: http://onecare.live.com/site/en-US/center/whatsnew.htm
Last Known Good Configuration Vista: http://windowshelp.microsoft.com/Windows/en-US/help/cdb4c0dd-5698-4197-b906-d6a6d413621d1033.mspx

 

thank you, ill let you know how it all turns out!

 

Yes, please - do that. :cool

 

to Cordialis
In response to your statement in post #4 about "no more than 1 antispyware at one time with real-time protection".
I always have SpywareBlaster AND SpywareGuard on at the same time. They compliment each other very well. SpywareBlaster is a signature base and SpywareGuard is heuristic(action) based. They don't conflict in any way.

 

SpywareBlaster is not a conventional anti-spyware program. It works completely different and it can, as you say, work fine alongside a realtime anti-spyware program. Speaking of SpywareBlaster: a new version came out 2 days ago. 4.2: http://majorgeeks.com/download2859.html

 

Too late. Already got and installed.

 

ok ii just did system restore and now windows crashes before it is even done booting up fully (symantec is not fully activated yet) so now i amm undoing the restore in safe mode. should i continue with the next link or do you have a new plan now?

 

Yes, you should run a chkdsk.

 

I didn't write the following and I've forgotten the source. :-o Sorry:

How to run the CHECK DISK in SAFE MODE via the COMMAND PROMPT.

Start the computer in safe mode and running command prompt When you start the computer in safe mode, you can determine whether the cause of the startup-related performance issue is related to a background service or to a driver or an update that has failed.

To start in safe mode, follow these steps:
1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
2. Click Start, click the arrow next to the Lock button, and then click Restart.
3. Press and hold the F8 key as your computer restarts.

Note You have to press F8 before the Windows logo appears. If the Windows logo appears, you must try to restart your computer. To do this, wait until the Windows logon prompt appears, and then shut down and restart your computer.

4. On the Advanced Boot Options screen, use the arrow keys to select the Safe Mode with Command Prompt option, and then press ENTER.
5. Log on to your computer by using a user account that has administrator rights.
6. Upon logging in, you will see a black screen with a command prompt where you can enter commands, usually shows in C:\Windows\SYSTEM32>, however, if you are seeing another path instead of the one provided, you can just type in cd\ then typing in cd c:\Windows\system32 to go to that path.
7. Just type in CHKDSK and it should run the CHKDSK for you.​

 

ok ill do that now, on a side note on my other pc i deleted spybot, combofix and mgtools and i still get this msg when i try to run a scan

 

It seems to be from another Majorgeeks thread: http://74.86.201.210/showthread.php?p=1183201

 

If Symantec is damaged a reinstall could help...

 

ok i will do that later now im doing the chkdsk in safe cmd prompt

 

Fine. That is something that we all should do now and then, Microsoft says.

 

ok i ran it but i did not have an option to "auto fix file system errors" so cmd prompt window is just open showing results what do i do?

 

What are the results? Did it find any errors?

 

bumping this because i think we both responded at the same time and i wasnt sure if you saw this, if so sorry, not trying to rush you or anything.

"ok i ran it but i did not have an option to "auto fix file system errors" so cmd prompt window is just open showing results what do i do?"

 

i dont know where to look but i can see 4kb in bad sectors near the bottom

 

ok i will copy paste all the errors gimme a minute

 

I think you need to run it again. This time use chkdsk /F. Like this - scroll a bit: http://maximumpcguides.com/windows-vista/how-to-use-check-disk-in-windows-vista/

 

ok i see it now ill report soon, thanks

 

is there a space between chkdsk and /f?
if so i get "chkdsk cannat run because the volume is in use by another process. would you like to schedule this volume to be checked the next time the system restarts? <y/n>

 

Yes! The space must be there. And yes - you want to schedule. So type y and hit Enter. Then reboot.

 

ok i ran it and it said it was finished with the scan but i did not see anything about it fixing any errors i dont kow if it normally says so or if i just didnt see it, im in normal admin login now should i continue with the third link in your post #20 now?

 

Well, you could just wait and see if it helped. This could have fixed the problem. Have you started Symantec again to test it? On the other hand a scannow will add additional security. Those 2 chkdsk and scannow is something we all ought to run a few times a year anyway. Also a visit to Microsoft Update would be of benefit. Select the button "Custom" this time and install it's suggestions. If you have the time for it, the free OneCare Live scanner will give you even more advantage with a full scan. Then you've done it well.

 

ok thanks again for everything and ill let you know in a day or so, thanks again.

 

Ok. :cool

 

the pc is still acting up, so i ran sfc /scannow and it will not continue after verifacation 26% complete. and then i have to hard boot, im going to try windows update now?

 

the second time i tried scannow i did not have to hard boot i was able to use the mouse to close cmd promt and restart

 

Ok, so after scannow would not finish i rebooted and did Microsoft update and after that it asked to reboot, i click yes, after reboot a screen pops up showing the progress of the new updates finishing the install/update, it automatically does a chkdsk, but i had NOT scheduled one and once it is done it displays a error msg box saying that windows could not startup, and that it is sending/retrieving info from Microsoft to see if it can repair the startup problem and that it may take some time and reboot a few times in the process" and it does reboot once or twice to finally show me another error msg box saying that it could not fix the error and i need to reboot and if it happens again to contact my admin, but no button to click to reboot so i had to hard boot and it started up fine, then i go do the ms onecare live scan and at 21% windows freezes the file it it froze scanning is "c:windows\winx\x86_microsoft-...\perfc.dat the portion of the file path where the ... is, is unknown to we because it was not shown and i could not move my mouse to try and read it all, i had to hardboot yet again, and on startup it automatically starts another chkdsk. so really the only thing i have "fixed" since she gave me the pc is startup items was slimmed down to enhance startup time, unneeded background running programs are all set to manual or disabled for a very minimal amount of ram freed up, and unneeded programs uninstalled, and the pc still wont finish any sort of scan or process that takes a lot of ram to run. and what do i do next, i know i might still need to re-install symantec but im waiting in case i need to do a full os reinstall.please take your time and let me know what you think i should do now. and again THANK YOU SO MUCH! is it possible that it just does not have enough ram to perform a task that takes up alot of ram or not?

 

I totally disagree. I've seen more infected computers with Norton/Symantec then I've seen with no anti-virus at all. Norton/Symantec is a bloated piece of crapware that leads the user into a false sense of security while hogging all of the users resources. You are right about one thing.. its all about money!

I use a combination of free software (on both the laptop and the desktop) and have never had any problems. I would certainly never suggest Norton/Symantec to anyone.

Here is a list of software that I have installed. All of which get along perfectly with one another and all which are free.

Malwarebytes Anti-Malware (scanner is free)
Spywareblaster
Comodo Bo-Clean
Avira Antivir
Comodo Verification Engine
Winpatrol
SuperAntiSpyware